active connections when hibernating

Michael_google gmail_Gersten keybounce at gmail.com
Sun Jul 15 16:22:00 UTC 2007


On 7/14/07, Scott Bennett <bennett at cs.niu.edu> wrote:
>      On Fri, 13 Jul 2007 14:59:44 -0700 "Michael_google gmail_Gersten"
> <keybounce at gmail.com> wrote:
> >Hours? Possibly. They'll stay open until the other side closes them,
> >as I understand; that's one hour by default.
>
>      But those are client-side connections.  When routers connect to other
> routers, they tend to keep those connections open.  As I understand it,
> this not only avoids the unnecessary overhead of tearing down and setting
> up new connections to the same places repeatedly, it provides another
> obstruction to anyone trying to do traffic analysis.

Alright, let's see. I have one tor configured as a client only, and one
as a client (on an unused port) and a server. Lsof reports 88 outgoing
connections, and 48 incoming connections. I just closed the ORListener
port, so that one is only doing client (and old server connections).

10 minutes later, I still have 81 outgoing, and 32 incoming.

Oh foo, I fell asleep. Next morning: Client has one outgoing
connection to Lefkada, and server has one connection to pppool:9030
(directory server?), one outgoing to a Brazil site on a "random" port,
and one incoming tor connection.

Turning on Vidalia: Vidalia shows two connections to Lefkada, but lsof
only shows one actual socket connection. Dang, but that changes how I
thought tor did communication.

Re-enabling the ORListener on the server (Odd, it's ORPort in the
config, but OR Listener in the logs), and waiting a moment: Wow. I'm
looking at 5 SYN_SENT, one established outgoing tor, one established
incoming tor (and we're talking seconds after publishing the
descriptor), and one established unknown outgoing (Local port is not a
listening port; remote port is a "random" high numbered port). And
that's before the bandwidth test.

Which is itself an interesting question. How can tor publish its
descriptor before it knows how much bandwidth to claim in the
descriptor?

> >Heck, if I shut down my or-port (so no new connections arrive), and
> >turn it off in my browser (so no new outgoing connections are made),
>
>      The client is supposed to continue to maintain some circuits, so
> that some will be ready for use anytime the client should come to need
> them.  Because circuits are old after ten minutes, no new connections
> are made through them, and they are torn down when the last connection
> through them is closed.  In order to keep circuits available, the client
> therefore must keep building new circuits from time to time to replace
> the ones that get aged and closed.

In the past, I've seen that if the client has no activity, it does not
replace the connections. I have seen an idle tor client wind up with
no open sockets.

> >then my tor winds up with no sockets open in about 2 hours. (Maybe
> >less, I haven't checked that frequently)
>
>      Then perhaps there is something wrong with your network connection
> that it breaks all circuits from time to time.

Nope. I have circuits open for days (ssh).
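
The incoming/outgoing socket counts taken with lsof in this message can be reproduced with a small filter. This is an added example, not part of the original post; it assumes the relay's ORPort is 9001 and that incoming OR connections terminate on that local port, and the lsof lines are constructed sample data.

```shell
#!/bin/sh
# Classify a tor process's TCP sockets from `lsof -nP -iTCP` output.
# Assumption: a socket whose LOCAL port equals the ORPort is an incoming
# relay connection; any other connected socket is outgoing.

# Constructed sample (documentation addresses, made-up PID and ports).
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
tor     501 tor     6u  IPv4 0x01      0t0  TCP *:9001 (LISTEN)
tor     501 tor    11u  IPv4 0x02      0t0  TCP 192.0.2.10:9001->198.51.100.7:51234 (ESTABLISHED)
tor     501 tor    12u  IPv4 0x03      0t0  TCP 192.0.2.10:9001->203.0.113.9:40022 (ESTABLISHED)
tor     501 tor    13u  IPv4 0x04      0t0  TCP 192.0.2.10:52100->198.51.100.20:443 (ESTABLISHED)
tor     501 tor    14u  IPv4 0x05      0t0  TCP 192.0.2.10:52101->203.0.113.30:9030 (ESTABLISHED)
tor     501 tor    15u  IPv4 0x06      0t0  TCP 192.0.2.10:52102->198.51.100.40:9001 (SYN_SENT)
EOF
}

# Usage: lsof output on stdin, ORPort as $1.
classify_tor_sockets() {
    awk -v orport="$1" '
        $8 != "TCP" { next }              # skips the header and non-TCP rows
        {
            name = $(NF-1); state = $NF
            gsub(/[()]/, "", state)       # "(ESTABLISHED)" -> "ESTABLISHED"
            if (state == "LISTEN") { listen++; next }
            if (split(name, ends, "->") != 2) next
            lport = ends[1]
            sub(/.*:/, "", lport)         # keep the text after the last colon
            if (state == "SYN_SENT") syn++
            if (lport == orport) incoming++; else outgoing++
        }
        END {
            printf "incoming=%d outgoing=%d syn_sent=%d listen=%d\n",
                   incoming, outgoing, syn, listen
        }'
}

# Live use (run as the tor user or root):
#   lsof -nP -iTCP -a -c tor | classify_tor_sockets 9001
sample_lsof | classify_tor_sockets 9001
```

Run it from a loop with a timestamp to watch how the counts decay after the listener is closed.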



More information about the tor-talk mailing list